Raising the Bar for Data Privacy

By: Rene McIver, Chief Security Officer, SecureKey Technologies
For everyone reading this, odds are you have received an email (or several) over the last week warning you of privacy policy updates. While data privacy is constantly top-of-mind for organizations and a phrase dominating the media in recent years, it is no coincidence that these emails are just coming through now.

The reason for the latest surge in organizations’ efforts to better protect data privacy is due to the implementation of the European Union’s General Data Protection Regulation (GDPR). These rules, which came into full effect on May 25, will require companies to obtain explicit permission from customers before accessing their data and will impose strict penalties for misuse of information – such as a fine of four per cent of annual revenue.

The implementation of this legislation marks a massive, global transformation for data privacy. As our chief technology officer, Andre Boysen, has discussed in his latest blogs, GDPR brings global attention to an extremely important issue. From giving consumers an opportunity to obtain, correct or remove personal data about themselves, to ensuring consumers have the right to be forgotten, GDPR rethinks the traditional understanding of data and establishes privacy as a default, not an added bonus.

Corporations globally must prepare for the new regulations and revisit how consumers’ digital information is used and stored – but it is important to note why, considering the legislation is specific to the EU. Well, any corporation that is collecting data from European residents (e.g. Facebook, Google, etc.) must comply with the new regulation. And not only that – it sets a precedent for the level of data privacy that corporations should adhere to. And the domino effect has started – countries including Brazil, Japan and South Korea are already following suit.

There needs to be a global shift in how businesses understand data privacy. With the conversation open, now is the time for Canadians to recognize the importance of this new regulation and evaluate the options for stronger data protection across the country. And Canada’s Privacy Commissioner, Daniel Therrien, agrees, telling The Globe and Mail that GDPR sets an important standard and raises the bar for data privacy in Canada and other countries.

One organization that we have recently teamed up with in our efforts to strengthen data protection across the country is the Decentralized Identity Foundation (DIF). DIF is building an open source decentralized identity ecosystem for people, organizations, apps and devices. Together, our hope is to advance standards-based initiatives for decentralized digital identity ecosystems, which will factor into the development of our privacy-enhancing service to be launched later this year, Verified.Me.

It’s evident that over the next few years, the quantity, importance and speed of data will explode – with significant impact on our economy. This, as well as other essential topics such as the importance of a national Canadian data strategy, will be discussed at the Data Effect conference in Ottawa on June 26. I will be speaking alongside incredible experts including Minister Scott Brison, the Province of Ontario’s Ray Boisvert and University of Waterloo’s Teresa Scassa on these critical topics and would love if you could join us. Register with us at https://dataeffect.cityage.org/.